Data is often protected when communicated between a sender entity and a recipient entity. This is because there are typically one or more intermediary entities operated by third parties that reside between the two entities. Since the intermediary entities handle the data before it is received by a recipient entity, it is not secure for a sender entity to send unprotected confidential data. For example, there is a risk that a malicious party may intercept the confidential data and utilize it for fraud. Thus, in situations such as the one described above, a sender entity typically encrypts, obfuscates, or otherwise protects confidential data before providing it to a recipient entity.
An exemplary system 50 is shown in FIG. 1. Confidential data may be communicated from a sender entity computer 10 associated with a sender entity to a recipient entity computer 40 associated with a recipient entity. The confidential data may be processed by multiple intermediary servers, intermediary server 20 and intermediary server 30, associated with intermediary entities (e.g., third parties) before eventually being received by recipient entity computer 40.
In order to protect the confidential data when being communicated from sender entity computer 10 to recipient entity computer 40, sender entity computer 10 may first encrypt the confidential data before sending it toward recipient entity computer 40. Intermediary server 20 may receive the encrypted data and then communicate the encrypted data to intermediary server 30; because neither intermediary server holds the decryption key, each can only forward the ciphertext and cannot read the confidential data. Recipient entity computer 40 can then receive the encrypted data from intermediary server 30 and decrypt it for use.
While the exemplary process described above with respect to FIG. 1 can be utilized to protect confidential data during transmission, it presents a number of problems. For example, the sender entity and recipient entity each have to store the corresponding encryption and decryption keys utilized for protecting the confidential data. Typically, hardware security modules (HSMs) are implemented in order to securely store such keys. However, since HSMs are expensive and cumbersome to manage, the use of HSMs may not be a viable option in many cases.
In addition, key management can also present a problem. In some cases, the sender entity and the recipient entity may have to follow a protocol to update keys regularly for security purposes. However, a key rotation process can be cumbersome because it requires coordination between the sender entity and the recipient entity each time that keys are updated. For example, the sender entity may have to manage regeneration, storage, and delivery of multiple encryption key sets and communicate to the recipient entity which key set is in use for a given message, so that the recipient entity can select the correct key and process the encrypted data appropriately.
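The FIG. 1 flow and the key-rotation coordination problem described above, as an added example that is not part of the original description: the sender seals confidential data with a shared symmetric key, two relays forward the envelope and can see only ciphertext, and the recipient decrypts. A key identifier travels in the clear so the recipient can pick the matching key after a rotation; the example also shows what happens when the recipient has not yet received a rotated key, and when a relay alters the ciphertext. The envelope layout, the use of AES-256-GCM with the key identifier bound as associated data, the `Keyring` type, and the keys derived from constructed labels are all assumptions made for this example; a real deployment would hold the keys in an HSM or key management service rather than deriving them from a string.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Envelope is what leaves the sender and what every intermediary sees:
// a key identifier in the clear (so the recipient can select the right
// key after a rotation), a random nonce, and AES-GCM ciphertext plus tag.
// This layout is an assumption made for the example.
type Envelope struct {
	KeyID      uint32
	Nonce      []byte
	Ciphertext []byte
}

// Keyring maps key identifiers to 32-byte AES-256 keys. Sender and
// recipient must hold matching entries; keeping them in sync is the
// coordination burden the text describes.
type Keyring map[uint32][]byte

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func keyIDBytes(id uint32) []byte {
	b := make([]byte, 4)
	binary.BigEndian.PutUint32(b, id)
	return b
}

// Seal is the sender side: encrypt plaintext under kr[keyID]. The key
// identifier is bound as associated data so a relay cannot re-label the
// envelope to point the recipient at a different key.
func Seal(kr Keyring, keyID uint32, plaintext []byte) (Envelope, error) {
	key, ok := kr[keyID]
	if !ok {
		return Envelope{}, errors.New("sender: unknown key id")
	}
	aead, err := newGCM(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := aead.Seal(nil, nonce, plaintext, keyIDBytes(keyID))
	return Envelope{KeyID: keyID, Nonce: nonce, Ciphertext: ct}, nil
}

// Open is the recipient side. It fails if the recipient lacks the key
// (e.g. it has not yet received a rotated key set) or if the
// authentication tag does not verify (ciphertext altered in transit).
func Open(kr Keyring, env Envelope) ([]byte, error) {
	key, ok := kr[env.KeyID]
	if !ok {
		return nil, fmt.Errorf("recipient: no key for id %d", env.KeyID)
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Ciphertext, keyIDBytes(env.KeyID))
}

// Relay models intermediary server 20 or 30: it forwards the envelope and
// observes only ciphertext. A dishonest relay that flips one byte is
// caught by the recipient's tag check rather than silently accepted.
func Relay(env Envelope, tamper bool) Envelope {
	out := Envelope{
		KeyID:      env.KeyID,
		Nonce:      append([]byte(nil), env.Nonce...),
		Ciphertext: append([]byte(nil), env.Ciphertext...),
	}
	if tamper && len(out.Ciphertext) > 0 {
		out.Ciphertext[0] ^= 0x01
	}
	return out
}

// deriveKey turns a constructed label into a 32-byte key for the demo only.
func deriveKey(label string) []byte {
	sum := sha256.Sum256([]byte(label))
	return sum[:]
}

// Deliver runs the FIG. 1 path end to end: sender -> server 20 -> server 30 -> recipient.
func Deliver(sender, recipient Keyring, keyID uint32, msg []byte, tamperAt30 bool) ([]byte, error) {
	env, err := Seal(sender, keyID, msg)
	if err != nil {
		return nil, err
	}
	env = Relay(env, false)      // intermediary server 20
	env = Relay(env, tamperAt30) // intermediary server 30
	return Open(recipient, env)
}

func main() {
	k1 := deriveKey("constructed demo key v1") // constructed, not a real key
	sender := Keyring{1: k1}
	recipient := Keyring{1: k1}
	msg := []byte("account-number:1234567890") // constructed sample data

	env, _ := Seal(sender, 1, msg)
	fmt.Println("relay can see plaintext:", bytes.Contains(env.Ciphertext, msg))

	pt, err := Deliver(sender, recipient, 1, msg, false)
	fmt.Printf("honest relays: %q err=%v\n", pt, err)

	_, err = Deliver(sender, recipient, 1, msg, true)
	fmt.Println("tampering relay:", err)

	// Sender rotates to key set 2 before the recipient has received it.
	sender[2] = deriveKey("constructed demo key v2")
	_, err = Deliver(sender, recipient, 2, msg, false)
	fmt.Println("rotated key, recipient not yet updated:", err)
	recipient[2] = sender[2]
	pt, err = Deliver(sender, recipient, 2, msg, false)
	fmt.Printf("rotated key, recipient updated: %q err=%v\n", pt, err)
}
```

The key identifier in the envelope is what lets the two ends rotate without a hard cutover: the recipient keeps the old and new key sets during the overlap and selects by identifier, but it still has to receive the new key out of band before the sender starts using it, which is exactly the coordination step the description calls cumbersome.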
As described above, data typically needs to be protected when being sent to a remote entity. While data security protocols exist, they are not practical when applied to situations that involve multiple intermediary parties handling the data in transit.
Embodiments of the invention address these and other problems, individually and collectively.